Shulan Hou

Publisher Information

Shulan Hou is a software publisher located in Dingzhou, Hebei, China*. The company is a primary distributor of unwanted software. There are 45 additional code signing certificates issued to this publisher.

Authority: DigiCert Inc
Valid from: 12/24/2014 1:00:00 AM
Valid to: 1/6/2016 1:00:00 PM
Subject: CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN
Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: 0e5d7348adffe93d9a1e35c180f4e728

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.ShulanHou.O, PUP.ShulanHou.R, PUP.ShulanHou.K, PUP.ShulanHou.G, PUP.ShulanHou.Q, PUP.ShulanHou.U, PUP.ShulanHou.I, PUP.ShulanHou.T, PUP.ShulanHou.t, PUP.ShulanHou.Y, PUP.Ma Lin.ShulanHou, PUP.ELEX.ShulanHou (M), PUP.ELEX.ShulanHo (M), PUP.ELEX (M) | 100.00% |
| VIPRE Antivirus | BehavesLike.Win32.Malware.sfd (mx-v), Trojan.Win32.Generic | 55.56% |
| AVG | Generic | 44.44% |
| Sophos | Elex, PUA 'Elex' (of type Adware) | 33.33% |
| G Data | Gen:Application.Elex, Win32.Application.Limo | 28.89% |
| MicroWorld eScan | Gen:Application.Elex.1 | 22.22% |
| Bitdefender | Gen:Application.Elex.1 | 22.22% |
| F-Secure | Gen:Application.Elex.1 | 20.00% |
| AhnLab V3 Security | PUP/Win32.SearchHijacker | 20.00% |
| Qihoo 360 Security | HEUR/QVM41.1.Malware.Gen, Win32/Application.33e, HEUR/QVM10.1.Malware.Gen | 17.78% |

Latest 30 of 45 files

Download URLs for files signed by Shulan Hou.


The following websites host and distribute files published by Shulan Hou.

The certificates below are also signed by Shulan Hou.

18DB51E9C16B714FFCB04CB5C35983FA  (Oct 08, 2016 to Jun 14, 2017)

2A5B578B2DA9A441D2C1AECD265EEFBF  (Jul 25, 2016 to Jun 14, 2017)

77C4983B630ECB2C08FBC858271E3D45  (Jul 20, 2016 to Jun 14, 2017)

03254EAC08CFABB19414DAE3BD08D149  (Jul 18, 2016 to Jun 14, 2017)

2F1AD76761251F239B649AF9F2D2627C  (Aug 11, 2016 to Jun 14, 2017)

74702DFF5D4056B847D009A2265FB1B3  (Jul 28, 2016 to Jun 14, 2017)

21E3000980B30029C251639A0B0AF0FD  (Aug 25, 2016 to Jun 14, 2017)

3261BAE34D602AACC22105B22CB5F2E9  (Sep 12, 2016 to Jun 14, 2017)

58D977998990941725A12A8E95E680E8  (Aug 22, 2016 to Jun 14, 2017)

1B471CD0973DAEB038ECC7D56538602F  (Aug 04, 2016 to Jun 14, 2017)

10 of 45 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

* Note, the details and description above are based on the code signing digital signature issued to Shulan Hou by DigiCert Inc on December 24, 2014 with the serial number '0e5d7348adffe93d9a1e35c180f4e728'.